A relatively new malware called FLocker, or Frantic Locker, has been discovered by cybersecurity researchers at Trend Micro. It targets Android devices, including smart TVs.
The internet of things aims to connect every conceivable home device on a single, accessible platform, and this motivates cybercriminals to come up with novel ways to deliver their malicious wares. A case in point is a version of the ransomware FLocker, which can target, infect and lock down smart TVs until the ransom is paid in iTunes gift cards.
Over 7,000 variants of the FLocker ransomware have been detected by Trend Micro since its initial discovery in May 2015. In April alone, there were over 1,200 different variants.
The latest among them is a police Trojan that purports to be from the US Cyber Police or a law enforcement agency. It accuses targeted victims of crimes they did not commit, before demanding 200 USD in iTunes gift cards. According to Trend Micro's investigation, this variant can infect mobile devices and smart TVs alike.
Curiously, the ransomware first checks where the compromised device is located, based on its IP address. Devices in the following Eastern European countries are exempted; there, the ransomware deactivates itself.
The no-hit list of countries is:
Every other country makes for a compatible target. After infecting a device, the ransomware waits for 30 minutes. Following the waiting period, it starts a background service that requests admin privileges.
“We consider it as a trick to bypass [the] dynamic sandbox,” Trend Micro stated in its blog. “If the user denies this request, it will freeze the screen, faking a system update.”
The analysis further revealed:
The ransomware screen, which renders on a mobile device just as easily as it does on a smart TV, is as follows:
For users whose devices have been compromised by the malware, the security firm suggests reaching out to the hardware vendor. Technically adept users can attempt to remove the malware via ADB debugging, by connecting the device to a PC, launching the ADB shell and executing the following command, where %pkg% stands for the package name of the ransomware app:
“pm clear %pkg%”
The command instantly kills the ransomware process and undoes the lock screen. At this point, users can deactivate the admin privilege granted to the malware before uninstalling the application altogether.
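The removal steps above, wrapped in a small script (an added example, not from Trend Micro or the original article). The function names and the ADB and DRY_RUN variables are assumptions of this sketch, and com.example.locker in the usage comment is a constructed package name.

```shell
#!/bin/sh
# Added example: drives the article's removal steps over ADB.
ADB="${ADB:-adb}"          # assumed: adb is on PATH, USB debugging is enabled
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the commands, 0 = run them

# adb joins its arguments into one string for the device-side shell, so
# accept only characters that are legal in an Android package name.
valid_pkg() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9_.]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# List user-installed packages so the unknown one can be picked out.
list_third_party() {
    "$ADB" shell pm list packages -3 | sed 's/^package://' | tr -d '\r'
}

# Print the commands for one package, in the order the article gives.
cleanup_cmds() {
    valid_pkg "$1" || { echo "refusing invalid package name: $1" >&2; return 2; }
    printf '%s shell pm clear %s\n' "$ADB" "$1"
    printf '%s uninstall %s\n' "$ADB" "$1"
}

run_cleanup() {
    cmds=$(cleanup_cmds "$1") || return $?
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    # Step 1: kill the ransomware process and drop its lock screen.
    "$ADB" shell pm clear "$1" || return 1
    # Step 2: the admin privilege is revoked by hand on the device.
    printf 'Deactivate the app as device administrator in Settings, then press Enter: '
    read -r reply
    # Step 3: remove the application.
    "$ADB" uninstall "$1"
}

# Usage: DRY_RUN=0 sh cleanup.sh com.example.locker
if [ "$#" -gt 0 ]; then run_cleanup "$1"; fi
```

Run list_third_party first to identify the package; with DRY_RUN left at 1 the script only prints what it would execute.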
Image credit: Vimeo.